The Dos and Don’ts to keep your data safe at your workplace

Data security is an extremely important aspect of any thriving organisation. Especially for digital and software enterprises. It’s a responsibility that falls on the shoulders of both the management as well as the individual units of an organisation – the employees. Each individual is key in the way the company functions. So, it’s important that everyone understands the necessity of protecting the work they do. And the tools they use to complete those tasks. By following a few simple precautions, not only can it help avoid any potential data leaks, but also keep individuals safe.

More Light on Physical security

Risk 1: Theft through unknown Sources

DOs:

Use your own ID cards and swipe on Entry and Exit of office premises

Always display your ID cards and co-operate with security checks if any. As it is for your own safety.

Know your office premises.

Avoid photographs on production floors.

Be aware of data sensitivities and handle floor with care.

Inform Admin in case of loss of ID cards.

Follow IT Assets undertaking policy and sign the relevant documents if you are using an official IT asset.

Ensure safety stickers are placed in the office assets before you sign the Undertaking form

Use office assets inside office premises and for office use only unless specifically approved to carry it outside office premises.

Inform relevant team on any change to the existing system and the change needs to be performed with concerned approval.

Handle it with care as the signed person would hold sole ownership of the device in case of damage.

Use your assigned official assets such as Keyboard, mouse, laptop or any Cables

Contact IT Support in need of any additional or to replace assets

DON’Ts:

Don’t misuse official assets

Don’t carry devices without concerned approval or without proper business need/justification

Don’t remove any devices without intimating IT team and Admin.

Don’t demand assets unless required for justified business purpose

Don’t delay in informing IT team in case of damage or loss as the data in every system is organization’s crucial asset.

Don’t grab unattended cables, mouse, keyboard or any assets which does not belong to you, though in need for an official purpose.

Cybersecurity shouldn’t be ignored as well

Risk 1: Passwords

DOs:

Use hard-to-guess passwords or passphrases.

Have a minimum of 10 characters using uppercase letters, lowercase letters numbers and special characters. To make it easy for you to remember but hard for an attacker to guess, create an acronym.

Use different passwords for different accounts. If one password gets hacked, your other accounts are not compromised.

DON’Ts

Don’t share your password with anyone. Keep it confidential at all costs.

Don’t write your password down anywhere.

Don’t use the same password for every account.

Risk 2: Breach of confidential data

DOs

Lock your phone and laptop when not in use.

Avoid using Wi-Fi hotspots. When you must, use agency provided virtual private network software to protect the data.

Keep an eye out for phishing traps sent through email and for tell-tale signs of a cyber scams.

Be aware of your surroundings when printing, copying, faxing or discussing sensitive information. Pick up information from printers, copiers or faxes in a timely manner.

Destroy information properly when it is no longer needed. Throw paper in designated confidential destruction bins throughout the office or use a crosscut shredder. Erase whiteboards after use. For all electronic storage media, consult with IT.

DON’Ts

Don’t leave sensitive information, like printouts or portable media containing private information lying around the office. Lock them in a drawer to reduce risk of unauthorized access to them.

Don’t click on links from unknown or untrusted sources. Or open suspicious mails/attachments

Don’t respond to phone calls or emails requesting for confidential data. It’s easy for an unauthorized person to call and pretend to be an employee or business partner.

Don’t plug in portable devices without permission from your agency management. These devices may be compromised with code just waiting to launch as soon as you plug them into a computer.